Security - HP ProCurve 5300xl Series Management Manual

What traffic can you implicitly block by taking advantage of the implicit deny IP any to deny traffic that you have not explicitly permitted? This can reduce the number of entries needed in an ACL.

What traffic should you permit? In some cases you will need to explicitly identify permitted traffic. In other cases, depending on your policies, you can insert a permit any entry at the end of an ACL. This means that all IP traffic not specifically matched by earlier entries in the list will be permitted.

Security

ACLs can enhance security by blocking routed IP traffic carrying an unauthorized source IP address (SA). This can include:

• Blocking access to or from subnets in your network
• Blocking access to or from the internet
• Blocking access to sensitive data storage or restricted equipment
• Preventing the use of specific TCP or UDP functions (such as Telnet, SSH, web browser) for unauthorized access

You can also enhance switch management security by using ACLs to block bridged IP traffic that has the switch itself as the destination address (DA).

Caution: ACLs can enhance network security by blocking selected IP traffic, and can serve as one aspect of maintaining network security. However, because ACLs do not provide user or device authentication, or protection from malicious manipulation of data carried in IP packet transmissions, they should not be relied upon for a complete security solution.

Note: ACLs in the Series 5300XL switches do not screen non-IP traffic such as AppleTalk and IPX.
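The following is an added example, not code from the HP manual or the switch firmware: a small Python model of the ACL evaluation semantics the planning questions and the Security section describe (first matching entry wins, an implicit deny IP any at the end, a trailing permit any that opens everything else, and non-IP traffic that the ACL never screens). The ACE and Packet structures, the helper names, and the sample addresses and policy are this example's own assumptions, not the switch CLI syntax.

```python
# Added example (not HP's code): models ProCurve-style ACL evaluation as the
# manual describes it, so a planned ACL can be checked against sample traffic
# before it is applied. Entry format and addresses are constructed for the demo.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ACE:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" (any IP protocol), "tcp" or "udp"
    src: str                      # source network in CIDR form, or "any"
    dst: str                      # destination network in CIDR form, or "any"
    dport: Optional[int] = None   # destination port; None matches any port

@dataclass(frozen=True)
class Packet:
    ethertype: str                # "ip", or a non-IP protocol such as "appletalk"
    proto: str = "ip"
    src: str = "0.0.0.0"
    dst: str = "0.0.0.0"
    dport: Optional[int] = None

def _in_net(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def ace_matches(ace: ACE, pkt: Packet) -> bool:
    proto_ok = ace.proto == "ip" or ace.proto == pkt.proto
    port_ok = ace.dport is None or ace.dport == pkt.dport
    return proto_ok and port_ok and _in_net(pkt.src, ace.src) and _in_net(pkt.dst, ace.dst)

def evaluate(acl: list, pkt: Packet) -> str:
    """Return 'permit' or 'deny' as the switch would; 'unscreened' for non-IP frames."""
    if pkt.ethertype != "ip":
        return "unscreened"       # the Note above: ACLs do not screen AppleTalk, IPX, etc.
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action     # first match wins, later entries are not consulted
    return "deny"                 # the implicit deny IP any at the end of every ACL

# Constructed sample policy (assumed addresses): block Telnet to the switch's
# own management address, keep a guest subnet away from a restricted server,
# and rely on a trailing permit any for everything else. Dropping the last
# entry leaves the implicit deny in charge, which is the other planning option.
SWITCH_ACL = [
    ACE("deny", "tcp", "any", "10.1.1.1/32", 23),
    ACE("deny", "ip", "192.168.50.0/24", "10.1.2.10/32"),
    ACE("permit", "ip", "any", "any"),
]
```

Compare `evaluate(SWITCH_ACL, pkt)` with `evaluate(SWITCH_ACL[:2], pkt)` on the same packet to see how much traffic the trailing permit any opens up versus the implicit deny.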
Access Control Lists (ACLs) for the Series 5300xl Switches
Planning an ACL Application
9-17